Vulnerability Details : CVE-2014-5091
Potential exploit
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
Vulnerability category: Input validation
Products affected by CVE-2014-5091
- cpe:2.3:a:status2k:status2k:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-5091
- 43.33%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-5091
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2014-5091
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5091
- https://www.securityfocus.com/bid/69008
  Status2k 'functions.php' Arbitrary PHP Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95111
  Status2k functions.php code execution CVE-2014-5091 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/127719/Status2k-XSS-SQL-Injection-Command-Execution.html
  Status2k XSS / SQL Injection / Command Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://www.exploit-db.com/exploits/34239
  Status2k Server Monitoring Software - Multiple Vulnerabilities - PHP webapps Exploit (Exploit; Third Party Advisory; VDB Entry)